Method and system for identifying users and detecting fraud by use of the Internet

ABSTRACT

A method and system for detecting and preventing Internet fraud in online transactions by utilizing and analyzing a number of parameters to uniquely identify a computer user and potential fraudulent transaction through predictive modeling. The method and system uses a delta of time between the clock of the computer used by the actual fraudulent use and the potentially fraudulent user and the clock of the server computer in conjunction with personal information and/or non-personal information, preferably the Browser ID.

FIELD OF THE INVENTION

The invention relates to Internet purchasing or e-tail transactions and specifically to detecting fraud in such transactions when ordering products, services, or downloading information over the Internet.

There is a continuing need to develop techniques, devices, and programs to detect and prevent Internet fraud. The present invention provides a method and a system for detecting and preventing Internet fraud by utilizing and analyzing a number of parameters to uniquely identify a customer and a potential fraudulent Internet-based transaction.

DESCRIPTION OF THE PRIOR ART

Many methods and systems have been developed over the years to prevent or detect Internet fraud. Today, to gain consumer confidence and prevent revenue loss, a website operator or merchant desires an accurate and trustworthy way of detecting possible Internet fraud. Merely asking for the user's name, address, phone number, and e-mail address will not suffice to detect and determine a probable fraudulent transaction because such information can be altered, manipulated, fraudulently obtained, or simply false.

Typically, an Internet user who accesses a website for obtaining a service, product, or information, not only enters personal information as mentioned above, but is also requested to provide a credit card account number, expiration date, and billing address. An online criminal seeking to obtain goods, services, or access to information (text and/or visuals over the Internet) commonly uses someone else's credit card information to obtain the services or products during the transaction. To prevent such occurrences, websites, via credit card companies and banks, often check to see if the address on the order corresponds or matches the address for the credit card owner. Although billing and shipping addresses can differ, such as when someone purchases a gift for another, it is a factor to consider in the verification process. Additionally, merchants utilize phone number matching between that of the Internet order and the credit card company's database. Another commonly used technique for order verification is e-mail address verification where the website operator sends a message to the user's e-mail address asking the customer to confirm the order prior to executing the same. Yet, online thieves frequently use e-mail addresses from large portal sites that offer free e-mail accounts. These e-mail addresses are easily disposable and make it harder for the website operator to identify the fraudulent customer before executing the transaction.

More sophisticated websites now capture a variety of parameters from the user known as Common Gateway Interface parameters (CGI parameters). These parameters commonly include non-personal information such as a user's Internet Protocol Address (IP Address). Every computer connected to the Internet is assigned a unique number known as its Internet Protocol (IP) Address. Much like a phone number in a home or office, an IP address can be used to identify the specific user or at least the particular computer used for an Internet transaction. In addition, since these numbers are usually assigned in country-based blocks, an IP address can often be used to identify the country from which a computer is connected to the Internet. Yet, IP addresses can change regularly if a user connects to the Internet via a dial-up connection or reboots their computer. Online thieves also have ways of scrambling their IP addresses or adopting another's IP address to make it nearly impossible for the website operator to identify the true user. Thus, websites typically use an IP address plus a further non-personal identifier such as a Browser ID (or user agent), a cookie, and/or a registration ID to try to identify a unique user and to prevent fraud in a second transaction.

A Browser ID provides the website operator with a wealth of information about the user such as the software being used to browse or surf the Internet. Additionally, the Browser ID includes information about the user's computer operating system, its current version, its Internet browser and the language. Thus, the Browser ID has valuable information for identifying a unique user. The Browser ID may also have more detailed information such as the type of content the user can receive; for example, this lets the website operator know if the user can run applications in FLASH-animation, open a PDF-file, or access a Microsoft Excel document. Yet, Browser IDs from different computers can be similar, as there are so many Internet users and thus many have similar computers with the same capabilities, programs, web browsers, operating systems, and other information. A cookie refers to a piece of information sent from the web server to the user's web browser which is saved on the resident browser software. Cookies might contain specific information such as login or registration information, online ‘shopping cart’ information, user preferences, etc. But cookies can easily be deleted by the computer's user, by the browser, or “turned off” completely so that the server cannot save information on the browser's software. Thus, cookies alone cannot serve as a unique identifier to thwart an Internet thief.

Accordingly, what is needed is a method and system that overcomes the problems associated with a typical verification and fraud prevention system for Internet transactions particularly in the purchasing of services, products, or information by uniquely identifying each consumer. Then, when that “consumer” seeks a second fraudulent purchase, the website operator will detect the same and block the order or, at least, obtain more information to ensure the order is legitimate. The system should be easily implemented within the existing environment and should be adaptable and compatible with existing technology.

SUMMARY OF THE INVENTION

In accordance with the present invention, a method and system is provided for detecting potentially fraudulent transactions over the Internet. The method and system comprises obtaining information relating to the transaction from the consumer and combining this information with a unit corresponding to the change of time, a delta of time parameter, to create a unique computer identifier. If a future transaction involves an identical computer identifier, as described below, which was previously engaged in a fraudulent transaction, the website operator can choose to cancel the transaction, pursue legal action, seek further verification, or the like. By using information relating to the first transaction, such as the IP address and/or Browser ID, and combining it with the delta of time parameter, as detailed herein, the website host can more accurately preventively track fraudulent users online by comparing computer identifiers to each other. In so doing, an integrated fraud prevention system is provided which allows the website host, merchant, or the like, to accurately and efficiently determine the validity or fraudulent quality of a transaction sought to be transacted over the Internet.

Accordingly, it is an object of the invention to provide a method and system for improving fraud detection in connection with Internet transactions.

It is another object of the invention to utilize existing technological capabilities to prevent online thieves from making second fraudulent transactions.

The above object and other objects, features, and advantages of the present invention are readily apparent from the following detailed description of the best mode for carrying out the invention when taken in connection with the accompanying chart.

BRIEF DESCRIPTION OF THE CHART

The chart illustrates the versatility and accuracy of the present invention in weeding out possible fraudulent online transactions.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENT AND THE CHART

The present invention relates to a method and system for detecting potentially fraudulent transactions over the Internet. Various modifications to the preferred embodiment will be readily apparent to those skilled in the art and the general principles herein may be applied to other embodiments. The present invention is not intended to be limited to the embodiment shown but is to be accorded the widest scope consistent with the principles and features described herein. It is to be understood that the website, its host, or operator does not have to be a merchant of goods.

The present invention provides a fraud prevention system for online transactions by uniquely identifying a customer based on a number of parameters at least one of which is a delta of time parameter and another of which is preferably the Browser ID of the computer. Referring to the chart, what is shown is a series of typical transactions on the Internet between a merchant and several customers. Each customer establishes a connection between his computer and the merchant's website. Upon making this connection, the merchant's website receives some non-personal identification information from the customer. This non-personal information typically includes Common Gateway Interface (CGI) parameters such as the customer's Internet Protocol (IP) Address and the computer's Browser ID. While “hackers” can change, disguise, and/or emulate the IP address to mask a fraudulent transaction, most do not now have the capability nor the idea to do the same for the Browser ID. While some “hackers” can change the Browser ID, it is not a trivial tool and if one needs to change it all the time it is not allowing those thieves to easily steal, hence, they are likely to go to a site that does not check Browser IDs. In a typical embodiment, when the customer decides to purchase services, goods, or information from the website, the customer must input additional and more personal information. This personal identification information may commonly include the customer's name, address, billing and shipping information, phone number, and/or e-mail address. A key feature of the present invention is that the website server also captures the local time of the customer's computer, typically through a program such as Javascript, as well as the local time of the server's computer. The server then calculates the time difference (or delta of time) between the customer's computer clock and the server's computer clock. This can be recorded in any desired format such as hours, minutes, seconds, or the like, but corresponds to a delta of time parameter. The delta of time parameter, the non-personal information, including but not limited to the preferred usage of the Browser ID, and/or the personal information are stored by the merchant and used to uniquely identify the customer.

Because computer users rarely personally change the internal clocks within their computers, the delta of time parameter will likely be the same (or within a range) for a computer every time that computer is used to conduct an online transaction with the same merchant even if the user disguises or changes the IP address. The Browser ID is also not likely to be changed, even by a consumer seeking to perpetuate a fraudulent transaction. Thus, the delta of time parameter (the difference between the time of day of the computer user's clock and the time of day on the website's server clock) is an important component of the computer identifier because it, along with the preferred Browser ID or other personal or non-personal information, is a good indication of the identity of a subsequent user on the same computer. The delta of time parameter also allows the merchant to potentially locate the computer in terms of a time zone, region, or country.

Once a merchant determines that a first fraudulent transaction may have been made, the merchant can flag the customer's computer identifier, i.e. Browser ID and delta of time. In a preferred embodiment, the computer identifier will include at least its delta of time and Browser ID, but may also include other personal and/or non-personal information. Then, the matching parameter can be used to identify a subsequent transaction which reveals a user with an identical set of computer identifiers. The matching is typically implemented by software, for example, on a hard disk, floppy disk, or other computer-readable medium. After the comparison has been made, the software assigns a matching value to the pair of transactions based on the similarities between the first and subsequent transaction. The website server may inform the merchant of the matching value, cancel the transaction, inform the customer of the status of their order, demand more information, or the like. The merchant may then choose its desired course of action.

A particularly important feature of the present invention is the merchant's ability to include, remove, and weigh each parameter within the computer identifier. For example, the merchant may choose to only use the delta of time parameter and Browser ID to form the unique computer identifier. Accordingly, the merchant may set the matching parameter to fit a level of comparison between the first and subsequent transaction. For example, since deltas of time may slightly change because of the differences in accuracy between the server and the user's computer clock mechanism, computer clocks and deltas may slightly vary over time. The merchant may set the matching parameter to include a range of delta of time, such as a few minutes, instead of an exact match. This way, even if the user's computer “loses time,” the matching parameter will still identify the subsequent transaction as a potential fraudulent one based on other information within the computer identifier.
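The matching described in the two paragraphs above, as an added example that is not part of the original patent text: a computer identifier is built from the delta of time, Browser ID and IP address, compared against flagged identifiers with a delta range, and classified from the resulting matching value. The weights, tolerance, thresholds, function names and sample data are assumptions chosen for illustration.

```javascript
// Added illustration; weights, tolerance and thresholds are assumed values.
// Weights sum to 100; a weight of 0 removes a parameter from the identifier.
const POLICY = {
  deltaToleranceSec: 180, // "a few minutes" of allowed clock drift
  weights: { delta: 50, browserId: 40, ip: 10 },
  fraudAt: 90,   // matching value >= 90: classify as fraudulent
  reviewAt: 50,  // matching value >= 50: requires further consideration
};

// Delta of time in seconds: customer's local clock minus server's local clock.
// Assumption: a page script reports clientLocalMs as
// Date.now() - new Date().getTimezoneOffset() * 60000.
function deltaOfTime(clientLocalMs, serverLocalMs) {
  return Math.round((clientLocalMs - serverLocalMs) / 1000);
}

function makeIdentifier({ clientLocalMs, serverLocalMs, browserId, ip }) {
  return { delta: deltaOfTime(clientLocalMs, serverLocalMs), browserId, ip };
}

// Matching value: sum of the weights of the parameters that agree.
function matchingValue(a, b, policy = POLICY) {
  const w = policy.weights;
  let value = 0;
  if (Math.abs(a.delta - b.delta) <= policy.deltaToleranceSec) value += w.delta;
  if (a.browserId === b.browserId) value += w.browserId;
  if (a.ip === b.ip) value += w.ip;
  return value;
}

// Compare a new identifier with every flagged one; keep the best match.
function classify(candidate, flagged, policy = POLICY) {
  const value = Math.max(0, ...flagged.map((f) => matchingValue(candidate, f, policy)));
  if (value >= policy.fraudAt) return { decision: "fraudulent", value };
  if (value >= policy.reviewAt) return { decision: "further consideration", value };
  return { decision: "not fraudulent", value };
}

// Constructed sample data (documentation IP ranges, sample Browser IDs).
const SERVER_MS = 1700000000000;
const UA_A = "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)";
const UA_B = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0";
const FLAGGED = [makeIdentifier({ // clock runs 7 h 2 min ahead of the server
  clientLocalMs: SERVER_MS + 25320000, serverLocalMs: SERVER_MS,
  browserId: UA_A, ip: "203.0.113.7" })];

function demo() {
  const at = (offsetSec, browserId, ip) => makeIdentifier({
    clientLocalMs: SERVER_MS + offsetSec * 1000, serverLocalMs: SERVER_MS, browserId, ip });
  return [
    classify(at(25415, UA_A, "198.51.100.23"), FLAGGED), // new IP, 95 s drift
    classify(at(25320, UA_B, "198.51.100.23"), FLAGGED), // same delta only
    classify(at(-3, UA_A, "192.0.2.44"), FLAGGED),       // same Browser ID only
  ].map((r) => `${r.decision} (${r.value})`);
}
console.log(demo());
```

The third case shows why the Browser ID alone is weighted below the review threshold here: as the prior-art discussion notes, Browser IDs from different computers can be similar.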

Although the present invention has been described in accordance with the embodiments shown, one of ordinary skill in the art will recognize that there could be variations to the embodiment and those variations would be within the spirit and scope of the present invention. Therefore, although the present invention was described in terms of a particular fraud prevention method and system, one of ordinary skill in the art readily recognizes that any number of parameters can be utilized and their use would be within the spirit and scope of the present invention.

1. A method for creating a computer identifier for an online customer for detecting a possible fraudulent transaction in the course of an online transaction comprising the steps of: receiving, from said customer's computer, at least one personal or non-personal identification parameter; capturing, from the clock of said customer's computer, said customer's computer local time; capturing, from a website's server clock, said server's local time; creating and storing a delta of time parameter based upon the difference between said customer's computer local time and said server's local time; and uniquely identifying said customer with said delta of time parameter and said at least one personal or non-personal identification parameter.

2. The method of claim 1 further including the step of receiving, from said customer, an additional identification parameter comprising personal identification information relating to said transaction.

3. The method of claim 1 wherein said at least one non-personal identification parameter is said computer's IP address.

4. The method of claim 1 wherein said at least one non-personal identification parameter is said computer's Browser ID.

5. The method of claim 1 wherein said delta of time parameter is stored as a range of time.

6. A method for detecting fraud in an online transaction by a customer comprising the steps of: creating a first computer identifier in the course of an online transaction comprising the steps of claim 1; creating at least a second computer identifier in the course of a second proposed online transaction comprising the steps of claim 1; utilizing a matching parameter to compare said first computer identifier with said second computer identifier; creating a matching value based on the similarities between said first computer identifier and said second computer identifier; and classifying said second online transaction as fraudulent, not fraudulent, or requiring further consideration based upon the value of said matching parameter.

7. The method in claim 6, further comprising: communicating to the website operator an indication, as to whether said second online transaction is fraudulent, not fraudulent, or requires further consideration.

8. The method in claim 6, further comprising: blocking said second online transaction based upon the value of said matching parameter.

9. The method in claim 6, further comprising: communicating to said customer the status of said second online transaction based upon the value of said matching parameter.

10. The method in claim 6, wherein said delta of time parameter is stated as a range of time.

11. The method of claim 6 wherein said personal or non-personal identification parameter is a Browser ID.

12. A computer readable medium containing program instructions for creating a computer identifier in the course of an online transaction comprising the steps of: receiving, from an online customer's computer, at least one of either a personal or non-personal identification parameter; capturing, from the clock of said customer's computer, said computer's local time; capturing, from the clock of said website's server computer, said server computer's local time; creating and storing a delta of time parameter based upon the difference between said customer's computer's local time and said server computer's local time; and uniquely identifying said customer with customer identification customer identification data comprising said delta of time parameter and said at least one of either of said personal or non-personal identification parameter.

13. The computer readable medium of claim 12 further including the step of: receiving and storing, from said customer, personal identification information relating to said transaction.

14. The computer readable medium of claim 12 further including the step of: communicating to the website operator an indication as to whether a second online transaction may be fraudulent because of the similarity existing between the stored customer identification data and the new customer's identification data.

15. The computer readable medium of claim 14 further including the step of: blocking said second online transaction based upon said indication as to whether a second online transaction may be fraudulent.

16. The computer readable medium of claim 14 further including the step of: communicating to said customer the status of said second online transaction based upon the similarity of said stored customer identification data and the new customer's identification data.

17. A computer readable medium as claims in claim 11 wherein said non-personal computer identification parameter is a Browser ID.

18. A computer readable medium containing program instructions for detecting likelihood of fraud in an online transaction comprising the steps of: creating a first computer identifier in the course of an online transaction comprising the steps of claim 1; creating at least one additional computer identifier in the course of an additional online transaction comprising the steps of claim 1; utilizing a matching routine to compare said first computer identifier with said at least one additional computer identifier; and deciding as to whether the online transaction is fraudulent, not fraudulent or requires further consideration based on the similarities between said first computer identifier and said at least one additional computer identifier.